New Home Infrastructure, including NextCloud a network build

Hello!
I’ve upgraded my ‘home infrastructure’. I talked about the need to upgrade and being stuck with a 100Mb/s network. Now I have managed to spend some of my summer earnings on this upgrade, and this is what it looks like as of now.

My hardware setup (shipping included in price):
- 4G dongle. Price: 75€
- TW-LTE 4G/3G router. Price: 41€
- I3-2120 based server bought second-hand from Huuto.net. Price: 128€
- Fortigate FG-20C, the firewall. Price: 47€
- Mobevo 4G antenna. Price: 18,20€

-Total cost: 309,20€

In my last post on this subject I stated that I wanted a budget of 330-360€, which leaves some room to upgrade this list still if needed. Plus my brother decided to join the project, sharing the cost of the server and firewall, thus lowering my stake significantly. We are also planning a backup server solution for later.

My software setup:
I’m utilizing open-source software like Ubuntu Server, SSL/TLS, LUKS et al., which were all 0€. That is really good; I’m not going to deploy any proprietary solution like Windows Server.

-Total cost: 0€

So what did I do to set it up? (NOTE: This is not an absolute guide/tutorial on how to do this, just how I did it, it might not work for you.)

1. Install Ubuntu Server 16.04. I followed basically all the steps here, except for only selecting “standard system utilities” in the software selection step. In this step I did set up disk encryption by selecting “guided – use entire disk and setup encrypted LVM” instead of the non-encrypted option in this guide.

2. After logging into the server locally I ran sudo apt install xubuntu-desktop gedit lamp-server^

3. Because I have a separate drive for my NextCloud install I had to edit the 000-default.conf file, which is the default apache2 http configuration file. NOTE that you have to do the same to the default-ssl.conf file if you plan on running https, just substitute default-ssl.conf for 000-default.conf below.
sudo gedit /etc/apache2/sites-available/000-default.conf
changed the to point to my secondary hard drive instead of the default /var/www/ location.
Then I changed the owner of that drive by
sudo chown -R www-data:www-data /media/mydrive/

Then I manually downloaded NextCloud and extracted the files into my downloads folder. Because I’m lazy and I like to have a UI I ran sudo thunar, which opens the file manager as root.
I navigated to my secondary drive, right-clicked the folder in question, selected properties, clicked the permissions tab and changed access of www-data to “Read & Write”. Then I simply copied the files over from my downloads folder to the new location on the secondary drive.

However, I ran into a 403 error; after some googling I found a solution here.

A useful link I used in learning how to configure a web server.

4. Then I went on to install the PHP stuff that NextCloud needs. I base these instructions on linux.com’s NextCloud tutorial found here.
sudo apt-get install libxml2-dev php-zip php-dom php-xmlwriter php-xmlreader php-gd php-curl php-mbstring
sudo a2enmod rewrite
sudo service apache2 reload

Now you should see your website if you navigate to 127.0.0.1

5. Then I went on to create an SSL certificate
I basically followed this guide to the letter

6. Web-server hardening
I too more or less followed Odd Random Thought’s guide on server hardening. The exceptions I made were that I used custom iptables rules and ignored all the WordPress-specific stuff.

There has been a recent server weakness reported, so I decided to follow this article’s guide to protecting my apache2 install
look here

I also decided to change the SSL port to a custom port.

7. Employing a hardware firewall. This is important: if you are going to host a server on the open internet you should do this. Every firewall config UI is different, but basically I told it to block everything except for a few tcp/udp ports. Remember, if you set a custom SSL port as I did, also configure your firewall to allow traffic through it.

I basically configured my router to DMZ my public facing network to the Firewall and then from there I re-route the traffic to the server.

After this you should be good to go.
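
As an added example (not the author's own rules), the following shell functions generate a default-deny inbound ruleset in iptables-restore format and check it against Apache's Listen directives, catching the mismatch step 7 warns about when the SSL port is moved. Port 8443 and the sample ports.conf are constructed values, and only IPv4 TCP is covered.

```shell
#!/bin/sh
# Added example, not the author's rules. Port 8443 and the sample ports.conf
# are constructed; the post does not state the real custom port.

# Print a default-deny inbound ruleset (iptables-restore format) that admits
# new TCP connections only on the ports given as arguments.
gen_rules() {
    for port in "$@"; do
        case "$port" in
            ''|0*|*[!0-9]*|??????*) echo "bad port: $port" >&2; return 1 ;;
        esac
        [ "$port" -le 65535 ] || { echo "bad port: $port" >&2; return 1; }
    done
    printf '%s\n' '*filter' ':INPUT DROP [0:0]' ':FORWARD DROP [0:0]' \
        ':OUTPUT ACCEPT [0:0]' '-A INPUT -i lo -j ACCEPT' \
        '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    for port in "$@"; do
        printf '%s\n' "-A INPUT -p tcp --dport $port -m conntrack --ctstate NEW -j ACCEPT"
    done
    printf '%s\n' 'COMMIT'
}

# Ports named by Apache "Listen" directives ("Listen 80", "Listen [::]:8443 https").
listen_ports() {
    awk 'tolower($1) == "listen" { n = split($2, a, ":"); print a[n] }' "$1" | sort -un
}

# Ports a ruleset on stdin admits.
open_ports() {
    sed -n 's/^-A INPUT .*--dport \([0-9][0-9]*\) .*-j ACCEPT$/\1/p' | sort -un
}

# audit <ports.conf> <rules>: returns 1 if Apache listens on a port the ruleset
# drops, or the ruleset opens a port that nothing listens on.
audit() {
    l=$(listen_ports "$1"); o=$(open_ports < "$2"); rc=0
    for p in $l; do
        printf '%s\n' "$o" | grep -qx "$p" || { echo "BLOCKED: Apache listens on $p"; rc=1; }
    done
    for p in $o; do
        printf '%s\n' "$l" | grep -qx "$p" || { echo "UNUSED: $p is open but has no Listen"; rc=1; }
    done
    return $rc
}

# Demo on constructed input: HTTPS moved to 8443, plain HTTP still listening.
tmp=$(mktemp -d)
printf '%s\n' 'Listen 80' 'Listen 8443' > "$tmp/ports.conf"
gen_rules 8443 > "$tmp/rules"
audit "$tmp/ports.conf" "$tmp/rules"; rm -rf "$tmp"
```

Review the generated file before loading it as root with iptables-restore.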

My Cloud Setup
NextCloud, since February there has been a split within OwnCloud and that said project has been forked, which now results in us having both OwnCloud and NextCloud. I like the NextCloud ideology of being more open-source and community based, in contrast to the more commercialized OwnCloud, so I went with NextCloud. Both of these platforms are still open-source, though OwnCloud has certain features locked for their commercial customers, while NextCloud has declared their intention to open-source these features. Some argue that the OwnCloud’s business model is key for running a company based on open-source technology. Only the future will tell who will succeed, hopefully both!
You can read more about it here.


So the I3 based server will be utilized to host these services. The idea is for this setup to give me a Google Docs, Dropbox and Spotify like service, so I can abandon them. Because I’m too stubborn to use Spotify (which I subscribed to when it was still new), I have bought, for example, all the music I listen to, so I want to have a centralized place from where I can stream it, wherever in the world I am. I mean, what would be the point of spending *cough* hundreds of Euros on purchasing your favorite songs and supporting the artists, if you can’t stream or sync it to your devices?

I set up some of the default apps:

Even though I set up the default music app, there is a beta version of Ampache integrated with NextCloud. You can use this by going to Personal by clicking on your profile name up in the right corner. Then set it up and configure your music client to connect to your NextCloud. Unfortunately it only seems to support .mp3 files for now since it is still in beta. It also seems to have difficulty working under http. NextCloud has also got an integrated video streamer, which allows you to stream .mp4 files, not anything else though. All of these features are still in the early stages; I’m utilizing NextCloud 9, and this will most likely change in future releases of NextCloud.

New network performance
The goal is to eventually reach a real speed of 65/35Mbps, though I doubt I’ll reach it where I live. When I tested the speed at my parents’ place, I got between 70-95/34-39Mbps. Though back home in Turku I only get 29-47/15-28Mbps on speedtest.net. This however means that outside the network the real client download speeds are around ~1.8-3.5MBps, compared to well over a stable 4MBps from my parents’ place. The speeds were similar at my parents’ place to those taken at my home in Turku without the Mobevo antenna. The antenna had no effect in boosting the performance in Turku.

The future
I’m already planning a bunch of upgrades, though I don’t know which to go for. I want to build a custom router/firewall at some point.
Collabora Office is also something I’m looking into integrating into my NextCloud in the near future. The current word editing software is not good enough and Collabora is based on the powerful LibreOffice suite.

My latest impulse buy, the GMX-5 gaming mouse

Hello!

I decided to impulse buy myself a new mouse, the Exibel GMX 5. It has 6400 dpi and with the software drivers you get an [interpolated] 12800 dpi. Unfortunately for me as a Linux user there don’t seem to be any drivers, besides the plug-and-play ones. Though I’m still happy with the 6400 dpi, which is a significant upgrade from my old A4Tech OD-35D, which I estimate had a dpi of around 800. This mouse goes under the Clas Ohlson brand and is around 33€ from said place. The mouse is fairly heavy and sturdy compared to my old one, which doesn’t bother me or hinder my user experience.

With the OD-35D mouse, I started noticing that my aim in Insurgency was jumping slightly when I turned up the mouse sensitivity in the game settings. This mouse obviously doesn’t have that issue and is rather oversensitive while aiming and looking around in FPS games, though I’m still getting used to it. I haven’t tried other more expensive gaming mice and can’t thus compare it to those, but by looking at this mouse’s specs it should be competitive. I do sometimes feel the need to crank down the sensitivity, which is easily done by two buttons above the scroll wheel, obviously one is for added sensitivity and the other for decreased. The color on the mouse indicates a certain sensitivity setting, Red being 400 dpi, Orange 800, Green 1600, Blue 3200, Purple 6400 dpi.

In short, I can definitely recommend this mouse, it gets the job done!

Tha box!

Tha mouse!

Links:
Finland
http://www.clasohlson.com/fi/Optinen-pelihiiri-Exibel-GMX-5/38-5533-1
The UK
http://www.clasohlson.com/uk/Exibel-GMX-5-Optical-Gaming-Mouse/Pr385533001

My home infrastructure

Hello!

Haven’t updated the site since November 2015, so I thought I’d post an update. I have since set up a cloud service from home intended for my own use. It has been a learning curve having to set up all the software to host this, although I had significant prior knowledge of similar things, so it was easier than I thought. I want to keep these kinds of services under my control, services like the cloud or music streaming. After all I spent lots of money buying the songs I listened to from Spotify back when you still could buy songs from Spotify. It is also a hassle to always back up or sync your playlists between your different devices.

From a security perspective I find it creepy to know that cloud services like OneDrive etc. actually utilize your data for marketing purposes and what else. Even Spotify on Android wants access to much of your phone that isn’t necessarily related to the core service they provide. This means that your data is in one way or the other spread out over the Internet under different companies located in different countries and operating under different legislation. It could be as simple as your e-mail information being sold to third party advertisers and you receiving lots of SPAM due to it, or if fallen into the wrong hands, such as criminals, then it could be used to do all kinds of nefarious stuff. Well, hosting everything yourself isn’t arguably more safe either, considering corporations may have better resources to encrypt data and so forth, while you need to have a lot of knowledge to effectively protect yourself.

Current Network
Anyways, the network that I employ at home includes an hAP Mikrotik router, an Odroid C1 server and a ZTE 4G ‘modem’. The hAP has 5 100Mb/s Ethernet ports; this has however proven to have become a limitation. This only offers me 9-12MB/s (~70-95Mb/s) and is the current bottleneck in my home-based cloud infrastructure. For those that don’t know the difference between “MB/s” and “Mb/s”, they are basically the same thing but different in formats, both measure data transfer speeds. 1MB aka MegaByte is the same as 8Mb or Megabits, it can be confusing to get your head around.

The server hosts Owncloud and Ampache. Owncloud is a Google Docs + Dropbox type of service. My Odroid C1 suffers from the same issue as my router, a 100Mb Ethernet port. It is however surprisingly powerful; I used to use an old Pentium T4400 dual-core server, which struggled with the same task and was much larger than the Odroid C1.

Due to the router not supporting the kind of 4G router I’m using, I’m forced to connect the router to my 4G router via WiFi, providing me with much worse speeds than if I would connect it directly to my PC.
internet speed before

The Future
Well, there are problems with my current setup, which I started as an experiment into how to build a working LAN based cloud network. However I soon realized the limitations of the current network setup and have now started planning for an upgrade. My current thinking is to upgrade my server to the Odroid XU4, my router to the RB951G-2HnD and my 4G router to a ‘dumb’ router, namely the Huawei E3372, with a MiMo antenna. This would effectively bring my LAN network capacity to the Gigabit standard and should eliminate the router-via-wifi-to-4G problem. The estimated cost of this upgrade will be around 330-360€, which is a big investment considering I’m a financially poor Finnish student. The cost is the one factor holding me back since I need to secure the funds, and it remains a near future project for now. I would also like to integrate a proper office suite into my OwnCloud install, thus hopefully rendering Google Docs completely obsolete in my case.